Setting VIT/VUL to Closed/Deferred

Go to solution
Khanna Ji
Tera Guru

‎02-25-2019 10:52 AM

Hi SecOps experts,

I was just thinking if I set VIT/VUL to Closed/Deferred and if that vulnerability state changes to fixed in Qualys, does that change the state in ServiceNow to closed or fixed or will it be ignored?

Wondering how state changes are handled between ServiceNow and Qualys. 

My understanding is - All VITs will be marked as closed irrespective of the state in ServiceNow once it gets updated as fixed in Qualys

0 Helpfuls
  • 2,186 Views
1 ACCEPTED SOLUTION

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-25-2019 12:05 PM

Swathi,

 

The Qualys state will be reflected in ServiceNow. This is done through the script include "QualysHostImportReportProcessor".

 

Search for the section that begins like this....

// Check for state conflict with status
if (!insert) {
// If Qualys status is fixed, state must be closed, fixed
// If Qualys state is not fixed, state must not be closed, fixed

...

 

Please mark this as Correct or Helpful so others can benefit from our conversation.

View solution in original post

15 REPLIES 15

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee
In response to Khanna Ji

‎02-26-2019 11:51 AM

Well... after re-reading the PRB and looking at the OOB code and what the article said vs what it showed... I think there is a typo in the PRB:

 

find_real_file.png

Preview file
106 KB
0 Helpfuls

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-26-2019 12:47 PM

Did you make this change sir? I am still afraid to make the changes. We are not imported fixed vulnerabilities though.

 

Are you able to see VITs getting closed when they are fixed in Qualys? If so then I don't think this change is needed.

0 Helpfuls

Go to solution
Chris McDevitt
ServiceNow Employee
ServiceNow Employee

‎02-27-2019 07:40 AM

Swathi,

No, I did not make that change. But... It has me wondering. 

0 Helpfuls

Go to solution
Khanna Ji
Tera Guru
In response to Chris McDevitt

‎02-27-2019 06:44 PM

Maybe we should report this to Hi. Don't know if they are following this space.

0 Helpfuls

Go to solution
sukku
Tera Contributor
In response to Chris McDevitt

‎02-09-2021 12:04 AM

Hi Chris,

Hope you are doing well!

I have seen your post in GitHub on

QualysHostImportReportProcessor_handleVulnerableItem.js

From Qualys we are getting this type data whether it is confirmed or potential vulnerabilities in xml. But we need to add this data either to vulnerability or item table.

 

I have gone through this script include which you have mentioned in above post. But I could not find handleVulnerableItem function at all. I have even gone through other host detection script includes also.

We are in Orlando version. Could you please guide me where exactly we need to modify the script inorder to capture this data. Since these are all connector I am bit afraid to change the oob script includes as it might effect on other integrations to play around.

 

Thanks and Regards,

Sukanya

0 Helpfuls